The new marketplace called Industrial Spy for selling stolen data

The Maze Ransomware group revolutionized ransomware operations in 2019 by adopting a double-extortion strategy. Using ransomware data leak sites, Maze warned victims that they would publicly leak stolen data if victims did not pay a ransom.

Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data.

Long before ransomware gangs started extorting victims through the use of stolen data, other threat actors had already been using this practice.



One well-known and highly publicized hacker who performed this practice was The Dark Overlord, who stole data and demanded ransoms from Disney, Netflix, and insurance companies.

Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members.

While stolen data marketplaces are not new, instead of extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors' data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases.

However, it would not be surprising if the marketplace is used to extort victims into purchasing their data to prevent it from being sold to other threat actors.

The Industrial Spy marketplace offers different tiers of data offerings, with "premium" stolen data packages costing millions of dollars and lower-tier data that can be bought as individual files for as little as $2.

The marketplace also offers free stolen data packs, likely to entice other threat actors to use the site.

Some of the companies whose data is offered in the "General" category are known to have suffered ransomware attacks in the past.

Therefore, the threat actors may have downloaded this data from ransomware gangs' leak sites to resell on Industrial Spy.

Promoted through cracks and adware

BleepingComputer first learned of the Industrial Spy marketplace from security researcher MalwareHunterTeam, who found malware executables [1, 2] that create README.txt files to promote the site.

When executed, these malware files will create the text files in every folder on the device, containing a description of the service and a link to the Tor site.

"There you can buy or download for free private and compromising data of your competitors. We public schemes, drawings, technologies, political and military secrets, accounting reports and clients databases," reads the README.txt text file.

"All this things were gathered from the largest worldwide companies, conglomerates and concerns with every activity. We gather data using vunlerability in their IT infrastructure."

Furthermore, VirusTotal shows that the README.txt files are found in numerous collections of password-stealing trojan logs, indicating that both programs were run on the same device.

This indicates that the operators of the Industrial Spy website likely partner with adware and crack distributors to distribute the program that promotes the marketplace.
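A defender-side sweep for the behaviour described above (the same README.txt written into every folder, carrying a Tor link), as an added example that is not from the original article or from any tool it mentions. The function name, the five-directory threshold and the sample note are assumptions.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Tor v3 (56-char) or legacy v2 (16-char) onion hostnames, base32 alphabet.
ONION_RE = re.compile(rb"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.I)

def find_mass_dropped_notes(root, filename="README.txt", min_dirs=5,
                            max_bytes=64 * 1024):
    """Return {sha256: [dirs]} for byte-identical copies of `filename` that
    contain a .onion link and sit in at least `min_dirs` directories."""
    by_hash = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != filename.lower():
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if ONION_RE.search(data):
                by_hash[hashlib.sha256(data).hexdigest()].append(dirpath)
    # A single README with a Tor link is not suspicious by itself;
    # the same bytes repeated across many folders is the signal.
    return {h: sorted(d) for h, d in by_hash.items() if len(d) >= min_dirs}

if __name__ == "__main__":
    # Constructed sample tree: one note copied into 6 folders, one benign README.
    note = b"Constructed sample note. Visit http://exampleexample22.onion/\n"
    with tempfile.TemporaryDirectory() as root:
        for i in range(6):
            d = os.path.join(root, f"dir{i}")
            os.makedirs(d)
            with open(os.path.join(d, "README.txt"), "wb") as fh:
                fh.write(note)
        os.makedirs(os.path.join(root, "project"))
        with open(os.path.join(root, "project", "README.txt"), "wb") as fh:
            fh.write(b"Build with make.\n")
        for digest, dirs in find_mass_dropped_notes(root).items():
            print(digest[:16], len(dirs), "directories")
```

A hit here is a reason to check the same host for the password-stealing trojans the article says were found alongside these files.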

README.txt file created to promote marketplace. Source: BleepingComputer


